Circuit & Application Level Gateways
CS-431
Dick Steflik
Application Level Gateways
Also called a Proxy Firewall
Acts as a relay for application level traffic
Typical applications:
Telnet
FTP
SMTP
HTTP
More secure than packet filters
Bad packets won't get through the gateway
Only has to deal with application level packets
Simplifies rules needed in packet filter
Client connects
Gateway does in-depth inspection of the application level packet; if the connection meets the criteria in the gateway rule base, the packet will be proxied to the server
Proxy firewall is directly between the client and the server on an application by application basis
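The inspect-then-relay decision described above, as an added example (not part of the original slides) for an HTTP proxy. The rule base RULES, the function inspect, the example.edu destinations and the sample requests are all constructed assumptions; a real gateway would relay or drop the connection based on the returned decision.

```python
# Added example: decision step of an HTTP application-level gateway.
# Rule values and sample requests below are constructed for illustration.
import re

RULES = {
    "methods": {"GET", "HEAD", "POST"},      # commands the proxy will relay
    "host_suffixes": (".example.edu",),      # destinations clients may reach
    "max_target_len": 2048,                  # reject oversized request targets
}
REQUEST_LINE = re.compile(rb"([A-Z]+) (\S+) HTTP/1\.[01]")


def inspect(raw: bytes, rules=RULES):
    """Return (allowed, reason) for one raw HTTP request head."""
    head, sep, _ = raw.partition(b"\r\n\r\n")
    if not sep:
        return False, "incomplete request head"
    lines = head.split(b"\r\n")
    m = REQUEST_LINE.fullmatch(lines[0])
    if not m:
        return False, "malformed request line"
    method, target = m.group(1).decode(), m.group(2)
    if method not in rules["methods"]:
        return False, f"method {method} not permitted"
    if len(target) > rules["max_target_len"]:
        return False, "request target too long"
    hosts = []
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not name or name != name.strip():
            return False, "malformed header line"
        if name.lower() == b"host":
            hosts.append(value.strip().decode("ascii", "replace").lower())
    if len(hosts) != 1:
        return False, "exactly one Host header required"
    host = hosts[0].rsplit(":", 1)[0]        # drop an optional :port
    if not host.endswith(rules["host_suffixes"]):
        return False, f"destination {host} not in rule base"
    return True, f"relay {method} to {host}"


if __name__ == "__main__":
    samples = [
        b"GET /index.html HTTP/1.1\r\nHost: www.example.edu\r\n\r\n",
        b"CONNECT mail.example.org:25 HTTP/1.1\r\nHost: mail.example.org\r\n\r\n",
        b"GET /a HTTP/1.1\r\nHost: www.example.edu\r\nHost: other.test\r\n\r\n",
    ]
    for s in samples:
        print(inspect(s))   # the gateway would log this decision, then relay or drop
```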
ALG Use
Many application clients can be configured to use a specific ALG (proxy) by the end user
Firefox-Options-Advanced-Network-Connections-Proxy
WS/FTP-Connect-Firewall-Proxy
Router can be set to forward all application packets to specific proxy
Benefit is all user traffic is forced to a proxy
User cannot bypass the proxy
Additional ALG Benefits
Privacy
Outside world only sees the IP of the gateway, not the IPs of the end users
Prevents foreign hosts from harvesting user addresses for later use in SPAM
Especially important for HTTP
Ideal place to do logging